[Bluewhite64 Linux Security] cyrus-sasl [BW64SA:200905016-01]
Hash: SHA1
[Bluewhite64 Linux Security] cyrus-sasl [BW64SA:200905016-01]
New cyrus-sasl packages are available for Bluewhite64 Linux 11.0, 12.0, 12.1,
12.2, and -current to fix a security issue. A buffer overflow in the
sasl_encode64() function could lead to a denial of service or possible
execution of arbitrary code.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688
Here are the details from the Bluewhite64 Linux 12.2 ChangeLog:
- ----------------------------------------------------------------
PATCHES/packages/cyrus-sasl-2.1.23-x86_64-1.tgz:
Upgraded to cyrus-sasl-2.1.23.
This fixes a buffer overflow in the sasl_encode64() function that could lead
to crashes or the execution of arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688
[*** Security fix ***]
Download the new packages from:
- --------------------------------
For Bluewhite64 Linux 11.0:
http://data.bluewhite64.com/bluewhite64-11.0/patches/packages/cyrus-sasl-2.1.23-x86_64-1.tgz
For Bluewhite64 Linux 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/cyrus-sasl-2.1.23-x86_64-1.tgz
For Bluewhite64 Linux 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/cyrus-sasl-2.1.23-x86_64-1.tgz
For Bluewhite64 Linux 12.2:
http://data.bluewhite64.com/bluewhite64-12.2/patches/packages/cyrus-sasl-2.1.23-x86_64-1.tgz
For Bluewhite64 Linux -current:
http://data.bluewhite64.com/bluewhite64-current/bluewhite64/n/cyrus-sasl-2.1.23-x86_64-1.txz
Also, please see the "Get Bluewhite64" section on http://www.bluewhite64.com for
additional mirror sites near you.
MD5 signatures:
- ----------------
Bluewhite64 11.0 package:
22718fc1874f36d9fe25b7b36e4a5671 cyrus-sasl-2.1.23-x86_64-1.tgz
Bluewhite64 12.0 package:
0eeeb6dede8f21381424227b0b9423f1 cyrus-sasl-2.1.23-x86_64-1.tgz
Bluewhite64 12.1 package:
36a3a1697bd818aff640c6ffae550996 cyrus-sasl-2.1.23-x86_64-1.tgz
Bluewhite64 12.2 package:
af4d77f81c1f22c1a4bd911c20ad7dab cyrus-sasl-2.1.23-x86_64-1.tgz
Bluewhite64 -current package:
be1a38227d0f8364d8eab3984557e769 cyrus-sasl-2.1.23-x86_64-1.txz
Installation instructions:
- ----------------------------
Upgrade the package as root:
# upgradepkg cyrus-sasl-2.1.23-x86_64-1.tgz
If you are using any network services (such as sendmail) then you
have to restart this services.
- ---
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key
security©bluewhite64.com
- ------------------------------------------------------
To leave the bluewhite64-security mailing list:
Send a blank email to
bluewhite64-security-unsubscribe©bluewhite64.com
You will get a confirmation message back containing
instructions to complete the process.
Please do not reply to this email address.
- ------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoOW94ACgkQpTOsxuDdlY7C4QCdFHp9fDrKuuN/DbHPX7b7zOwo
51UAnRgAME9vJLx8/Qjk+K+eYOaiH+sy
=VKAM
-----END PGP SIGNATURE-----